Novak, Pavel and Oujezsky, Vaclav and Kaura, Patrik and Horvath, Tomas and Holik, Martin (2024) Multistage Malware Detection Method for Backup Systems. Technologies, 12 (2). p. 23. ISSN 2227-7080
technologies-12-00023.pdf - Published Version (341kB)
Authors (all affiliated with the Faculty of Informatics, Masaryk University, Botanicka 68a, 602 00 Brno, Czech Republic):

- Pavel Novak, ORCID http://orcid.org/0009-0000-5488-2190
- Vaclav Oujezsky, ORCID http://orcid.org/0000-0001-7629-6299
- Patrik Kaura
- Tomas Horvath, ORCID http://orcid.org/0000-0001-8659-8645
- Martin Holik, ORCID http://orcid.org/0000-0002-8031-1663

Abstract
This paper proposes a solution to the challenge of detecting latent malware in backup systems. The proposed detection system combines similarity analysis with machine learning algorithms to improve malware detection. The results demonstrate the potential of advanced similarity search techniques, powered by the Faiss library, to strengthen malware discovery within system backups and network traffic; implementing these techniques leads to more resilient cybersecurity practices and protects essential systems from malicious threats hidden within backup archives and network data. The integration of AI methods improves the system's efficiency and speed, making it more practical for real-world cybersecurity. The paper's contribution is a novel and comprehensive solution designed to detect latent malware in backups, preventing the backup of compromised systems. The system comprises multiple analytical components, including a system file change detector, an agent that monitors network traffic, and a firewall, all integrated into a central decision-making unit. The current progress of the research and future steps are discussed, highlighting the contributions of this project and potential enhancements to cybersecurity practices.
Published: 5 February 2024, Technologies 12(2), article 23
DOI: 10.3390/technologies12020023
Article page: https://www.mdpi.com/2227-7080/12/2/23
PDF: https://www.mdpi.com/2227-7080/12/2/23/pdf
Funding: Ministry of the Interior of the Czech Republic (http://dx.doi.org/10.13039/100009532), grant VK01030030
License: CC BY 4.0, https://creativecommons.org/licenses/by/4.0/
| Field | Value |
|---|---|
| Item Type | Article |
| Subjects | Archive Paper Guardians > Multidisciplinary |
| Depositing User | Unnamed user with email support@archive.paperguardians.com |
| Date Deposited | 06 Feb 2024 11:17 |
| Last Modified | 06 Feb 2024 11:17 |
| URI | http://archives.articleproms.com/id/eprint/2638 |